Despite the popularity of rooting, there are several reasons why you shouldn’t root your device. I’m not here to discuss all of them — in this article I want to focus on the security aspects.

What risks are you opening yourself up to by giving yourself root access?

1. Update Problems

Rooting your device will almost certainly render it unable to receive over-the-air (OTA) updates. Some apps try to bypass this shortcoming, but given the way rooting now works, it’s becoming harder and harder to circumvent.

But what’s the problem?

Aside from missing out on some fun and important new features, you’re leaving yourself vulnerable from a security standpoint.

Phone manufacturers will typically push out several new security patches each year. They’re not doing this for the good of their health — they’re doing it because the patches close dangerous, and previously unseen, security vulnerabilities.

For example, Google’s most recent update to their Nexus devices closed a loophole that could have allowed hackers to remotely execute code within the kernel. Affected devices would be permanently compromised; the only way to repair them would be to reinstall the operating system.

2. Can You Trust a Custom ROM?

Okay, lots of people don’t install custom ROMs — they just want to keep the vanilla operating system and delete all the manufacturer-specific bloatware.

Let me make this clear: custom ROMs are not all bad. But it’s foolish to think they are as robust, secure, and as frequently updated as the vanilla OS.

Google, Motorola, Samsung, Sony, et al. all have mega budgets, and hundreds of people developing, testing, and refining their products. They can react quickly to any new threats and roll out updates to protect the vast majority of their user base. The guys behind custom ROMs have no such power.

And then there is the issue of deliberately malicious ROMs. Again, if you’re au fait with the rooting process and its surrounding community you’re unlikely to become a victim. But the vast majority of people don’t really understand the processes behind what they’re doing — they’re just following some step-by-step instructions they found online. People have been, and will continue to be, caught out.

And I bet there have been many occasions where you blindly clicked on “Allow” without stopping to consider what you’re actually doing.

By allowing an app to have root access, you’re giving it access to your phone’s entire operating system. This totally bypasses all the built-in security that Android offers and lets it see sensitive data that’s stored deep inside your OS.

Apps with root access can also install other software without your knowledge. This software can include programs such as fake keyboards, key-loggers, and fake email apps. And they all have one goal in mind — to steal your personal information and feed it back to cyber-criminals.

These apps are largely obsolete for one reason: the vanilla Android OS is now really secure. Google have added more and more features down the years, and Android 7 is the most robust edition so far.

Rooting your device will evade lots of these OS-level security features. You’ll be instantly more vulnerable to worms, viruses, spyware, and Trojans. These can be delivered in the form of drive-by downloads, malicious links, and infected apps. One slip and you’ll be exposed; the device won’t be there to bail you out.

Tell Us Your Stories

These four points are not scaremongering; they are legitimate and real concerns that you need to be aware of. The worst thing you can do is take an “it won’t happen to me” approach — tens of thousands of people have done that, and tens of thousands of people have been caught out.

As ever, I’d love to hear your stories. Did you root your device and later regret it? Have you been unlucky enough to be infected by a virus on your device? Are you still inclined to take a hands-off approach to your device’s security?

You can leave your thoughts, feedback, and tales in the comments section below.

53north

June 2, 2018 at 7:12 pm

Bulldinkies. I'd rather lose a dozen rooted devices to Google's malicious scripts, than use an unrooted bloatware-infested pig with 40 apps I never use hogging the RAM and wakelocking to send info to Hawaii & back every 15secs.
Android will be toast after Oreo as iPhones now allow complete deletion of 95% of apps...

Wow, what a totally ignorant article, apps will still update even though you are rooted. Please be more responsible with your articles, I've been rooting since smart phones were on the market and have never been hacked. Be smart, most issues start with the user.

One of the more balanced articles around. But it still side-steps so many reasons why rooting is a must and an essential thing to do.
1. Backup. How can one claim to know anything about proper IT security unless one has proper backups? Rooting is the only way to back up your devices by imaging partitions or the whole device. After all, I do it with my Windows laptops and PCs.
How the hell else can you do a Nandroid backup with TWRP or CWM unless you root? It's the first thing I do with a new phone that I root. It's not just the security, it's the convenience of being able to flash it back to its original condition when I first break it out of the box.
How else can any faecal-stirrer talk about IT security without having Titanium Backup to back up (a) apps; and (b) data in each app? With a single tap, I restore all the game data or app setting data for each app which would otherwise take me hours to do for my hundreds of apps. See point (3).
When I get a new phone, I root it immediately in order to have Titanium Backup restore the data in each app from my previous phone. Not only that, to freeze or uninstall bloatware (which only leaks your data - see point 2).
If an app is pulled from the Play Store (cue Flappy Birds for instance), or an updated version of a favourite/essential app sucks or is buggy, I just restore the previous version from Titanium Backup. What? The unrooted users never knew this was possible?
2. Firewall. How can anybody talk about the "Security of not Rooting" when your unrooted phones have all sorts of bloatware and user installed apps from Play Store haemorrhaging and uploading your data to dubious developers all the time - while making you, the idiot consumer, pay for it with mobile data over-runs and suffering battery drain?
I root any new phone immediately to install open source AFWall+ so that only whitelisted apps are allowed to have either internet access via Wifi or mobile data (or both or none).
I NEVER come close to my monthly data quota. Even though I have the minimal 2 to 3GB plans only. Even though I may regularly use more than 50GB per month. Cos my firewall restricts the heaviest bandwidth hoggers like my news apps to WIFI ONLY! That is security. G.E.D.D.I.T?!
It's fundamental cow sense for anybody who wants to talk about security ain't it? But no writer or blogger or other ilk of manure-stirrer actually knows this? Surely I can't be the only one?
3. Speaking of (1) and (2), firewalls like that work best with Xposed framework, which is another fundamental thing about security and just as importantly usability. It opens the doorway to have Gravitybox which allows me to restore so many settings and functions from my previous phone to any new phone. Restored via Titanium Backup of course.
One tap enables all the wide ranging UI features that would otherwise not be available on the new phone or will take me half an hour to hunt for and configure in a new phone's system settings.
4. Speaking of security, have all the dung-stirrers talking about a lack of security with rooted phones ever considered what SuperSU etc. are there for? If the open source community can think of rooting, they've obviously thought about security controls too (like firewalls etc. duh...).
That's the difference - talkers talk. The Do-ers like the open source community have thought about it, solved it, done it and used it.
5. Greenify, Power Nap, Amplify, MacroDroid/Tasker, CF lumen, Boot Manager, Trimmer, SD Maid ad nauseam etc, etc, - enough said.

I'm sorry but this entire article demonstrates a complete lack of security knowledge. Rooting your Android can be a tool for making it entirely MORE secure. CyanogenMod is a great alternative to the stock ROMs. Just because it's rooted doesn't mean every app will automatically get root privileges. There are a ton of things you can do to harden it, that can't be done on stock ROMs. You can get rid of the bloatware and spyware that comes bundled with phones. Manufacturers are slow to push out Android updates so you're able to get security updates a ton faster on CyanogenMod.

Saying that you're automatically vulnerable to malware is patently false, and shows how little you know about rooting and security.

"'Just because it's rooted doesn't mean every app will automatically get root privileges' — not sure where I say or suggest that?"

It's implied that rooting your device lets EVERY program have root access, even though operating systems like Windows and Linux require explicit permission just like Android does in the "superuser" picture you included. Your article seems to imply "we (often) blindly clicked on Allow," when that's not the case, either. If you root your device, you're taking control of it - along with the consequences. Just like every Windows (Vista and up - UAC prompts), Mac OS, or Linux user, ever.

Bill

November 23, 2016 at 4:45 pm

Reading your article, it does seem implied that root access will be given to apps - you phrase it as blindly tapping allow. Who is this article aimed at? Getting root access (especially nowadays) isn't that easy & I can't imagine people doing it, to then 'blindly tap allow' - moreover which malicious apps are people downloading that request this access?

I don't see how you came to this buzzfeed-esque list of 4 reasons, when you could have 1 simple and concise reason...which you actually touched on in the article - the possibility to give malicious apps root access to your system. Also the OTA updates, that is a right pain.

Could you also clarify your following paragraph please?
"You’ll be instantly more vulnerable to worms, viruses, spyware, and Trojans. These can be delivered in the form of drive-by downloads, malicious links, and infected apps. One slip and you’ll be exposed"

Specifically, how would being rooted, on a browser (with no root access) make you more exposed than being on a stock system?

Anyway, I need to go - I just downloaded an app called "FREE movies and games 100% FREE and hot singles near you" and it's requesting root access.

Dan is a British expat living in Mexico. He is currently a Senior Writer for MakeUseOf. At various times, he has been the Social Editor, Creative Editor, and Finance Editor. Prior to his writing career, he was a Financial Consultant.